Getting access to SANS GIAC official book/courseware

asadzzasadzz Posts: 14Member ■□□□□□□□□□
Hello,

I'm in Pakistan. I'm saying this at start, so you would know that US state dept has blocked all forms of access to training and cert for my country. This is really bad and sad. My option is to go to UAE and set myself for training, and for exam. Considering, I don't want to sit in exam after training I have to travel back to UAE which means cost of travelling, lodging and not to forget hefty price of sans training/exam.

My strategy is to go to UAE for exams, and do my training offline. I want for this to work have access to SANS GIAC official books, because I have talked to some GIAC certified ppl outside this forum and been told that the course-ware is a sure shot way of passing the exam.

Kindly , help me in this regard.

Comments

  • 636-555-3226636-555-3226 Posts: 976Member ■■■■■□□□□□
    I can't help you in this regard, unfortunately. You are unluckily stuck in an area with some risk involved.

    As a side note and totally unrelated to you asadzz, this does raise an interesting question. I've been to quite a few conferences in my day, many infosec-related. To be totally honest I have stereotyped many people at these conferences and I do look around and wonder to myself as I see and hear Middle Easterners, Chinese, and Eastern Europeans with very heavy accents. Are they just here for business and/or pleasure? Are they here to learn how to attack critical infrastructure? Is that guy going to try to hack into my company for his mob boss? I am 100% not a racist guy, but I do work in a field where people come from certain regions known to be hostile to my county and my company. Anybody else ever wonder the same thing when looking around, say, a SANS pentesting class?
  • wayne_wonderwayne_wonder Posts: 215Member ■■■□□□□□□□
    No i think that's just you my friend and it is a little racist if i'm honest shouldn't matter where they from or how they speak
  • 636-555-3226636-555-3226 Posts: 976Member ■■■■■□□□□□
    No i think that's just you my friend and it is a little racist if i'm honest shouldn't matter where they from or how they speak

    Ah but you aren't in charge of InfoSec for a large global company, now are you. I'm not worried about your American teenage son script-kiddying his way through my website with SQLMap. I'm worried about hardcore, deep penetration attempts from skilled members of the Chinese army, Iranian army, northern African hackers, and/or (as silly as this sounds to non-infosec people) Russian mob hackers. Statistically speaking, they're my biggest threat. When I see Alexei Vinokurov, a 28 year old Russian dude, speaking with a thick accent standing next to Mike Jones, a 60-year old Marine vet speaking with a southern drawl, I know which one is the more likely threat to me and my organization in regards to our shared class Advanced Exploit Development for Penetration Testers.
  • the_Grinchthe_Grinch Posts: 4,158Member ■■■■■■■■■■
    It's one thing to have a "profile" of adversaries who pose a threat to your company, but it is a whole different ball of wax to be sitting in a learning environment and thinking one person or another is the one who is there to come after you. You are actually limiting yourself because Mike Jones might just have as much of an axe to grind with you are Alexei Vinkokurov. When I first started in law enforcement a colleague asked to me to fingerprint a suspect while he finished up some paperwork. I go ahead and get the suspect, talk to him and finish up his fingerprints. Seemed like a nice enough old fellow so I return him to holding and let my colleague know he was good to go. He asked if I had any issues and I laughed the guy was an old man no way he was there for anything big. My colleague said "take a look at his rap sheet". This "old fellow" has quite a past and one in which you would think twice before turning your back to him in a room.

    Moral of the story is you can't judge a book by it's cover. I deal with the security of multiple international companies and an effective strategy does require you know the capabilities of various groups, but by no means does it mean that I worry less about one demographic in favor of another. My goal is to be able to detect, prevent (if possible) and limit the exposure from an attack. Thus I focus on the tactics, techniques and procedures used. Thus while some groups might utilize a 0-day to get in there is more than likely going to be common practice on how they maintain their persistence once they do get in.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • NetworkNewbNetworkNewb Posts: 3,263Member ■■■■■■■■■□
    Just saw a story online where they showed a security camera catching a nun stealing a bunch of things from a grocery store... Can't trust anyone anymore!

    Anyways as far as the OP is wondering, the only way your gonna get official SANS courseware is to take the course (which you stated you cant do), know someone who has taken the course and get it from them, or buy the courseware online from other people who have taken the course (usually eBay has some listings for these).
  • E Double UE Double U Posts: 1,556Member ■■■■■■■■□□
    Just saw a story online where they showed a security camera catching a nun stealing a bunch of things from a grocery store... Can't trust anyone anymore!

    Could've been Ben Affleck :)
    Alphabet soup: CISSP, CCSP, CISM, CISA, GPEN, GCIA, GCIH, GCCC, CEH, etc

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • SaSkillerSaSkiller OSWP, GPEN, GWAPT, GCIH Posts: 337Member ■■■□□□□□□□
    Indeed, there are security experts from every country seeking to protect their business and countries.
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
  • BillHooBillHoo Posts: 204Member ■■■□□□□□□□
    An alternative would be to go to one of the two Hacker Universities in Iran and get a cert from them. Serious. If Pakistan has no restrictions on travel to Iran, why not? I hear, they are really good at it and have top notch training.
  • UnixGuyUnixGuy SABSA, GCFA, GPEN, CISM, RHCE, Security+, Server+, eJPT, CCNA Posts: 4,037Mod Mod
    I don't think criminal hackers with heavy accents(lol?) will be attending SANS course in your country....
    Goal: MBA, August 2020
Sign In or Register to comment.